1 files changed, 0 insertions, 468 deletions
diff --git a/src/lib/libcrypto/evp/evp_pkey.c b/src/lib/libcrypto/evp/evp_pkey.c
deleted file mode 100644
index 47a69932a5..0000000000
--- a/src/lib/libcrypto/evp/evp_pkey.c
+++ /dev/null
@@ -1,468 +0,0 @@
-/* evp_pkey.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-#include <stdio.h>
-#include <stdlib.h>
-#include "cryptlib.h"
-#include <openssl/x509.h>
-#include <openssl/rand.h>
-#ifndef OPENSSL_NO_DSA
-static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8inf, EVP_PKEY *pkey);
-#endif
-/* Extract a private key from a PKCS8 structure */
-EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8)
-{
-        EVP_PKEY *pkey = NULL;
-#ifndef OPENSSL_NO_RSA
-        RSA *rsa = NULL;
-#endif
-#ifndef OPENSSL_NO_DSA
-        DSA *dsa = NULL;
-        ASN1_INTEGER *privkey;
-        ASN1_TYPE *t1, *t2, *param = NULL;
-        STACK_OF(ASN1_TYPE) *ndsa = NULL;
-        BN_CTX *ctx = NULL;
-        int plen;
-#endif
-        X509_ALGOR *a;
-        unsigned char *p;
-        const unsigned char *cp;
-        int pkeylen;
-        char obj_tmp[80];
-        if(p8->pkey->type == V_ASN1_OCTET_STRING) {
-                p8->broken = PKCS8_OK;
-                p = p8->pkey->value.octet_string->data;
-                pkeylen = p8->pkey->value.octet_string->length;
-        } else {
-                p8->broken = PKCS8_NO_OCTET;
-                p = p8->pkey->value.sequence->data;
-                pkeylen = p8->pkey->value.sequence->length;
-        }
-        if (!(pkey = EVP_PKEY_new())) {
-                EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE);
-                return NULL;
-        }
-        a = p8->pkeyalg;
-        switch (OBJ_obj2nid(a->algorithm))
-        {
-#ifndef OPENSSL_NO_RSA
-                case NID_rsaEncryption:
-                cp = p;
-                if (!(rsa = d2i_RSAPrivateKey (NULL,&cp, pkeylen))) {
-                        EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
-                        return NULL;
-                }
-                EVP_PKEY_assign_RSA (pkey, rsa);
-                break;
-#endif
-#ifndef OPENSSL_NO_DSA
-                case NID_dsa:
-                /* PKCS#8 DSA is weird: you just get a private key integer
-                 * and parameters in the AlgorithmIdentifier the pubkey must
-                 * be recalculated.
-                 */
-        
-                /* Check for broken DSA PKCS#8, UGH! */
-                if(*p == (V_ASN1_SEQUENCE|V_ASN1_CONSTRUCTED)) {
-                    if(!(ndsa = ASN1_seq_unpack_ASN1_TYPE(p, pkeylen, 
-                                                          d2i_ASN1_TYPE,
-                                                          ASN1_TYPE_free))) {
-                        EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
-                        goto dsaerr;
-                    }
-                    if(sk_ASN1_TYPE_num(ndsa) != 2 ) {
-                        EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
-                        goto dsaerr;
-                    }
-                    /* Handle Two broken types:
-                     * SEQUENCE {parameters, priv_key}
-                     * SEQUENCE {pub_key, priv_key}
-                     */
-                    t1 = sk_ASN1_TYPE_value(ndsa, 0);
-                    t2 = sk_ASN1_TYPE_value(ndsa, 1);
-                    if(t1->type == V_ASN1_SEQUENCE) {
-                        p8->broken = PKCS8_EMBEDDED_PARAM;
-                        param = t1;
-                    } else if(a->parameter->type == V_ASN1_SEQUENCE) {
-                        p8->broken = PKCS8_NS_DB;
-                        param = a->parameter;
-                    } else {
-                        EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
-                        goto dsaerr;
-                    }
-                    if(t2->type != V_ASN1_INTEGER) {
-                        EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
-                        goto dsaerr;
-                    }
-                    privkey = t2->value.integer;
-                } else {
-                        if (!(privkey=d2i_ASN1_INTEGER (NULL, &p, pkeylen))) {
-                                EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
-                                goto dsaerr;
-                        }
-                        param = p8->pkeyalg->parameter;
-                }
-                if (!param || (param->type != V_ASN1_SEQUENCE)) {
-                        EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
-                        goto dsaerr;
-                }
-                cp = p = param->value.sequence->data;
-                plen = param->value.sequence->length;
-                if (!(dsa = d2i_DSAparams (NULL, &cp, plen))) {
-                        EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
-                        goto dsaerr;
-                }
-                /* We have parameters now set private key */
-                if (!(dsa->priv_key = ASN1_INTEGER_to_BN(privkey, NULL))) {
-                        EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_BN_DECODE_ERROR);
-                        goto dsaerr;
-                }
-                /* Calculate public key (ouch!) */
-                if (!(dsa->pub_key = BN_new())) {
-                        EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE);
-                        goto dsaerr;
-                }
-                if (!(ctx = BN_CTX_new())) {
-                        EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE);
-                        goto dsaerr;
-                }
-                        
-                if (!BN_mod_exp(dsa->pub_key, dsa->g,
-                                                 dsa->priv_key, dsa->p, ctx)) {
-                        
-                        EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_BN_PUBKEY_ERROR);
-                        goto dsaerr;
-                }
-                EVP_PKEY_assign_DSA(pkey, dsa);
-                BN_CTX_free (ctx);
-                if(ndsa) sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
-                else ASN1_INTEGER_free(privkey);
-                break;
-                dsaerr:
-                BN_CTX_free (ctx);
-                sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
-                DSA_free(dsa);
-                EVP_PKEY_free(pkey);
-                return NULL;
-                break;
-#endif
-                default:
-                EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
-                if (!a->algorithm) BUF_strlcpy (obj_tmp, "NULL", sizeof obj_tmp);
-                else i2t_ASN1_OBJECT(obj_tmp, 80, a->algorithm);
-                ERR_add_error_data(2, "TYPE=", obj_tmp);
-                EVP_PKEY_free (pkey);
-                return NULL;
-        }
-        return pkey;
-}
-PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey)
-{
-        return EVP_PKEY2PKCS8_broken(pkey, PKCS8_OK);
-}
-/* Turn a private key into a PKCS8 structure */
-PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken)
-{
-        PKCS8_PRIV_KEY_INFO *p8;
-        if (!(p8 = PKCS8_PRIV_KEY_INFO_new())) {        
-                EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                return NULL;
-        }
-        p8->broken = broken;
-        if (!ASN1_INTEGER_set(p8->version, 0)) {
-                EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                PKCS8_PRIV_KEY_INFO_free (p8);
-                return NULL;
-        }
-        if (!(p8->pkeyalg->parameter = ASN1_TYPE_new ())) {
-                EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                PKCS8_PRIV_KEY_INFO_free (p8);
-                return NULL;
-        }
-        p8->pkey->type = V_ASN1_OCTET_STRING;
-        switch (EVP_PKEY_type(pkey->type)) {
-#ifndef OPENSSL_NO_RSA
-                case EVP_PKEY_RSA:
-                if(p8->broken == PKCS8_NO_OCTET) p8->pkey->type = V_ASN1_SEQUENCE;
-                p8->pkeyalg->algorithm = OBJ_nid2obj(NID_rsaEncryption);
-                p8->pkeyalg->parameter->type = V_ASN1_NULL;
-                if (!ASN1_pack_string ((char *)pkey, i2d_PrivateKey,
-                                         &p8->pkey->value.octet_string)) {
-                        EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                        PKCS8_PRIV_KEY_INFO_free (p8);
-                        return NULL;
-                }
-                break;
-#endif
-#ifndef OPENSSL_NO_DSA
-                case EVP_PKEY_DSA:
-                if(!dsa_pkey2pkcs8(p8, pkey)) {
-                        PKCS8_PRIV_KEY_INFO_free (p8);
-                        return NULL;
-                }
-                break;
-#endif
-                default:
-                EVPerr(EVP_F_EVP_PKEY2PKCS8, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
-                PKCS8_PRIV_KEY_INFO_free (p8);
-                return NULL;
-        }
-        RAND_add(p8->pkey->value.octet_string->data,
-                 p8->pkey->value.octet_string->length, 0);
-        return p8;
-}
-PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken)
-{
-        switch (broken) {
-                case PKCS8_OK:
-                p8->broken = PKCS8_OK;
-                return p8;
-                break;
-                case PKCS8_NO_OCTET:
-                p8->broken = PKCS8_NO_OCTET;
-                p8->pkey->type = V_ASN1_SEQUENCE;
-                return p8;
-                break;
-                default:
-                EVPerr(EVP_F_EVP_PKCS8_SET_BROKEN,EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE);
-                return NULL;
-                break;
-                
-        }
-}
-#ifndef OPENSSL_NO_DSA
-static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
-{
-        ASN1_STRING *params = NULL;
-        ASN1_INTEGER *prkey = NULL;
-        ASN1_TYPE *ttmp = NULL;
-        STACK_OF(ASN1_TYPE) *ndsa = NULL;
-        unsigned char *p = NULL, *q;
-        int len;
-        p8->pkeyalg->algorithm = OBJ_nid2obj(NID_dsa);
-        len = i2d_DSAparams (pkey->pkey.dsa, NULL);
-        if (!(p = OPENSSL_malloc(len))) {
-                EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                goto err;
-        }
-        q = p;
-        i2d_DSAparams (pkey->pkey.dsa, &q);
-        if (!(params = ASN1_STRING_new())) {
-                EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                goto err;
-        }
-        if (!ASN1_STRING_set(params, p, len)) {
-                EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                goto err;
-        }
-        OPENSSL_free(p);
-        p = NULL;
-        /* Get private key into integer */
-        if (!(prkey = BN_to_ASN1_INTEGER (pkey->pkey.dsa->priv_key, NULL))) {
-                EVPerr(EVP_F_EVP_PKEY2PKCS8,EVP_R_ENCODE_ERROR);
-                goto err;
-        }
-        switch(p8->broken) {
-                case PKCS8_OK:
-                case PKCS8_NO_OCTET:
-                if (!ASN1_pack_string((char *)prkey, i2d_ASN1_INTEGER,
-                                         &p8->pkey->value.octet_string)) {
-                        EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                }
-                M_ASN1_INTEGER_free (prkey);
-                prkey = NULL;
-                p8->pkeyalg->parameter->value.sequence = params;
-                params = NULL;
-                p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;
-                break;
-                case PKCS8_NS_DB:
-                p8->pkeyalg->parameter->value.sequence = params;
-                params = NULL;
-                p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;
-                if (!(ndsa = sk_ASN1_TYPE_new_null())) {
-                        EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                }
-                if (!(ttmp = ASN1_TYPE_new())) {
-                        EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                }
-                if (!(ttmp->value.integer =
-                        BN_to_ASN1_INTEGER(pkey->pkey.dsa->pub_key, NULL))) {
-                        EVPerr(EVP_F_EVP_PKEY2PKCS8,EVP_R_ENCODE_ERROR);
-                        goto err;
-                }
-                ttmp->type = V_ASN1_INTEGER;
-                if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
-                        EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                }
-                if (!(ttmp = ASN1_TYPE_new())) {
-                        EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                }
-                ttmp->value.integer = prkey;
-                prkey = NULL;
-                ttmp->type = V_ASN1_INTEGER;
-                if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
-                        EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                }
-                ttmp = NULL;
-                if (!(p8->pkey->value.octet_string = ASN1_OCTET_STRING_new())) {
-                        EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                }
-                if (!ASN1_seq_pack_ASN1_TYPE(ndsa, i2d_ASN1_TYPE,
-                                         &p8->pkey->value.octet_string->data,
-                                         &p8->pkey->value.octet_string->length)) {
-                        EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                }
-                sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
-                break;
-                case PKCS8_EMBEDDED_PARAM:
-                p8->pkeyalg->parameter->type = V_ASN1_NULL;
-                if (!(ndsa = sk_ASN1_TYPE_new_null())) {
-                        EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                }
-                if (!(ttmp = ASN1_TYPE_new())) {
-                        EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                }
-                ttmp->value.sequence = params;
-                params = NULL;
-                ttmp->type = V_ASN1_SEQUENCE;
-                if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
-                        EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                }
-                if (!(ttmp = ASN1_TYPE_new())) {
-                        EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                }
-                ttmp->value.integer = prkey;
-                prkey = NULL;
-                ttmp->type = V_ASN1_INTEGER;
-                if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
-                        EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                }
-                ttmp = NULL;
-                if (!(p8->pkey->value.octet_string = ASN1_OCTET_STRING_new())) {
-                        EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                }
-                if (!ASN1_seq_pack_ASN1_TYPE(ndsa, i2d_ASN1_TYPE,
-                                         &p8->pkey->value.octet_string->data,
-                                         &p8->pkey->value.octet_string->length)) {
-                        EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                }
-                sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
-                break;
-        }
-        return 1;
-err:
-        if (p != NULL) OPENSSL_free(p);
-        if (params != NULL) ASN1_STRING_free(params);
-        if (prkey != NULL) M_ASN1_INTEGER_free(prkey);
-        if (ttmp != NULL) ASN1_TYPE_free(ttmp);
-        if (ndsa != NULL) sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
-        return 0;
-}
-#endif

diff --git a/src/lib/libcrypto/evp/evp_pkey.c b/src/lib/libcrypto/evp/evp_pkey.c deleted file mode 100644 index 47a69932a5..0000000000 --- a/src/lib/libcrypto/evp/evp_pkey.c +++ /dev/null
@@ -1,468 +0,0 @@
1	/* evp_pkey.c */
2	/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3	* project 1999.
4	*/
5	/* ====================================================================
6	* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7	*
8	* Redistribution and use in source and binary forms, with or without
9	* modification, are permitted provided that the following conditions
10	* are met:
11	*
12	* 1. Redistributions of source code must retain the above copyright
13	* notice, this list of conditions and the following disclaimer.
14	*
15	* 2. Redistributions in binary form must reproduce the above copyright
16	* notice, this list of conditions and the following disclaimer in
17	* the documentation and/or other materials provided with the
18	* distribution.
19	*
20	* 3. All advertising materials mentioning features or use of this
21	* software must display the following acknowledgment:
22	* "This product includes software developed by the OpenSSL Project
23	* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24	*
25	* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26	* endorse or promote products derived from this software without
27	* prior written permission. For written permission, please contact
28	* licensing@OpenSSL.org.
29	*
30	* 5. Products derived from this software may not be called "OpenSSL"
31	* nor may "OpenSSL" appear in their names without prior written
32	* permission of the OpenSSL Project.
33	*
34	* 6. Redistributions of any form whatsoever must retain the following
35	* acknowledgment:
36	* "This product includes software developed by the OpenSSL Project
37	* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38	*
39	* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40	* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42	* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43	* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44	* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46	* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50	* OF THE POSSIBILITY OF SUCH DAMAGE.
51	* ====================================================================
52	*
53	* This product includes cryptographic software written by Eric Young
54	* (eay@cryptsoft.com). This product includes software written by Tim
55	* Hudson (tjh@cryptsoft.com).
56	*
57	*/
58
59	#include <stdio.h>
60	#include <stdlib.h>
61	#include "cryptlib.h"
62	#include <openssl/x509.h>
63	#include <openssl/rand.h>
64
65	#ifndef OPENSSL_NO_DSA
66	static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO p8inf, EVP_PKEY pkey);
67	#endif
68
69	/* Extract a private key from a PKCS8 structure */
70
71	EVP_PKEY EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO p8)
72	{
73	EVP_PKEY *pkey = NULL;
74	#ifndef OPENSSL_NO_RSA
75	RSA *rsa = NULL;
76	#endif
77	#ifndef OPENSSL_NO_DSA
78	DSA *dsa = NULL;
79	ASN1_INTEGER *privkey;
80	ASN1_TYPE t1, t2, *param = NULL;
81	STACK_OF(ASN1_TYPE) *ndsa = NULL;
82	BN_CTX *ctx = NULL;
83	int plen;
84	#endif
85	X509_ALGOR *a;
86	unsigned char *p;
87	const unsigned char *cp;
88	int pkeylen;
89	char obj_tmp[80];
90
91	if(p8->pkey->type == V_ASN1_OCTET_STRING) {
92	p8->broken = PKCS8_OK;
93	p = p8->pkey->value.octet_string->data;
94	pkeylen = p8->pkey->value.octet_string->length;
95	} else {
96	p8->broken = PKCS8_NO_OCTET;
97	p = p8->pkey->value.sequence->data;
98	pkeylen = p8->pkey->value.sequence->length;
99	}
100	if (!(pkey = EVP_PKEY_new())) {
101	EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE);
102	return NULL;
103	}
104	a = p8->pkeyalg;
105	switch (OBJ_obj2nid(a->algorithm))
106	{
107	#ifndef OPENSSL_NO_RSA
108	case NID_rsaEncryption:
109	cp = p;
110	if (!(rsa = d2i_RSAPrivateKey (NULL,&cp, pkeylen))) {
111	EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
112	return NULL;
113	}
114	EVP_PKEY_assign_RSA (pkey, rsa);
115	break;
116	#endif
117	#ifndef OPENSSL_NO_DSA
118	case NID_dsa:
119	/* PKCS#8 DSA is weird: you just get a private key integer
120	* and parameters in the AlgorithmIdentifier the pubkey must
121	* be recalculated.
122	*/
123
124	/* Check for broken DSA PKCS#8, UGH! */
125	if(*p == (V_ASN1_SEQUENCE\|V_ASN1_CONSTRUCTED)) {
126	if(!(ndsa = ASN1_seq_unpack_ASN1_TYPE(p, pkeylen,
127	d2i_ASN1_TYPE,
128	ASN1_TYPE_free))) {
129	EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
130	goto dsaerr;
131	}
132	if(sk_ASN1_TYPE_num(ndsa) != 2 ) {
133	EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
134	goto dsaerr;
135	}
136	/* Handle Two broken types:
137	* SEQUENCE {parameters, priv_key}
138	* SEQUENCE {pub_key, priv_key}
139	*/
140
141	t1 = sk_ASN1_TYPE_value(ndsa, 0);
142	t2 = sk_ASN1_TYPE_value(ndsa, 1);
143	if(t1->type == V_ASN1_SEQUENCE) {
144	p8->broken = PKCS8_EMBEDDED_PARAM;
145	param = t1;
146	} else if(a->parameter->type == V_ASN1_SEQUENCE) {
147	p8->broken = PKCS8_NS_DB;
148	param = a->parameter;
149	} else {
150	EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
151	goto dsaerr;
152	}
153
154	if(t2->type != V_ASN1_INTEGER) {
155	EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
156	goto dsaerr;
157	}
158	privkey = t2->value.integer;
159	} else {
160	if (!(privkey=d2i_ASN1_INTEGER (NULL, &p, pkeylen))) {
161	EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
162	goto dsaerr;
163	}
164	param = p8->pkeyalg->parameter;
165	}
166	if (!param \|\| (param->type != V_ASN1_SEQUENCE)) {
167	EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
168	goto dsaerr;
169	}
170	cp = p = param->value.sequence->data;
171	plen = param->value.sequence->length;
172	if (!(dsa = d2i_DSAparams (NULL, &cp, plen))) {
173	EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
174	goto dsaerr;
175	}
176	/* We have parameters now set private key */
177	if (!(dsa->priv_key = ASN1_INTEGER_to_BN(privkey, NULL))) {
178	EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_BN_DECODE_ERROR);
179	goto dsaerr;
180	}
181	/* Calculate public key (ouch!) */
182	if (!(dsa->pub_key = BN_new())) {
183	EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE);
184	goto dsaerr;
185	}
186	if (!(ctx = BN_CTX_new())) {
187	EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE);
188	goto dsaerr;
189	}
190
191	if (!BN_mod_exp(dsa->pub_key, dsa->g,
192	dsa->priv_key, dsa->p, ctx)) {
193
194	EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_BN_PUBKEY_ERROR);
195	goto dsaerr;
196	}
197
198	EVP_PKEY_assign_DSA(pkey, dsa);
199	BN_CTX_free (ctx);
200	if(ndsa) sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
201	else ASN1_INTEGER_free(privkey);
202	break;
203	dsaerr:
204	BN_CTX_free (ctx);
205	sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
206	DSA_free(dsa);
207	EVP_PKEY_free(pkey);
208	return NULL;
209	break;
210	#endif
211	default:
212	EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
213	if (!a->algorithm) BUF_strlcpy (obj_tmp, "NULL", sizeof obj_tmp);
214	else i2t_ASN1_OBJECT(obj_tmp, 80, a->algorithm);
215	ERR_add_error_data(2, "TYPE=", obj_tmp);
216	EVP_PKEY_free (pkey);
217	return NULL;
218	}
219	return pkey;
220	}
221
222	PKCS8_PRIV_KEY_INFO EVP_PKEY2PKCS8(EVP_PKEY pkey)
223	{
224	return EVP_PKEY2PKCS8_broken(pkey, PKCS8_OK);
225	}
226
227	/* Turn a private key into a PKCS8 structure */
228
229	PKCS8_PRIV_KEY_INFO EVP_PKEY2PKCS8_broken(EVP_PKEY pkey, int broken)
230	{
231	PKCS8_PRIV_KEY_INFO *p8;
232
233	if (!(p8 = PKCS8_PRIV_KEY_INFO_new())) {
234	EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
235	return NULL;
236	}
237	p8->broken = broken;
238	if (!ASN1_INTEGER_set(p8->version, 0)) {
239	EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
240	PKCS8_PRIV_KEY_INFO_free (p8);
241	return NULL;
242	}
243	if (!(p8->pkeyalg->parameter = ASN1_TYPE_new ())) {
244	EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
245	PKCS8_PRIV_KEY_INFO_free (p8);
246	return NULL;
247	}
248	p8->pkey->type = V_ASN1_OCTET_STRING;
249	switch (EVP_PKEY_type(pkey->type)) {
250	#ifndef OPENSSL_NO_RSA
251	case EVP_PKEY_RSA:
252
253	if(p8->broken == PKCS8_NO_OCTET) p8->pkey->type = V_ASN1_SEQUENCE;
254
255	p8->pkeyalg->algorithm = OBJ_nid2obj(NID_rsaEncryption);
256	p8->pkeyalg->parameter->type = V_ASN1_NULL;
257	if (!ASN1_pack_string ((char *)pkey, i2d_PrivateKey,
258	&p8->pkey->value.octet_string)) {
259	EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
260	PKCS8_PRIV_KEY_INFO_free (p8);
261	return NULL;
262	}
263	break;
264	#endif
265	#ifndef OPENSSL_NO_DSA
266	case EVP_PKEY_DSA:
267	if(!dsa_pkey2pkcs8(p8, pkey)) {
268	PKCS8_PRIV_KEY_INFO_free (p8);
269	return NULL;
270	}
271
272	break;
273	#endif
274	default:
275	EVPerr(EVP_F_EVP_PKEY2PKCS8, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
276	PKCS8_PRIV_KEY_INFO_free (p8);
277	return NULL;
278	}
279	RAND_add(p8->pkey->value.octet_string->data,
280	p8->pkey->value.octet_string->length, 0);
281	return p8;
282	}
283
284	PKCS8_PRIV_KEY_INFO PKCS8_set_broken(PKCS8_PRIV_KEY_INFO p8, int broken)
285	{
286	switch (broken) {
287
288	case PKCS8_OK:
289	p8->broken = PKCS8_OK;
290	return p8;
291	break;
292
293	case PKCS8_NO_OCTET:
294	p8->broken = PKCS8_NO_OCTET;
295	p8->pkey->type = V_ASN1_SEQUENCE;
296	return p8;
297	break;
298
299	default:
300	EVPerr(EVP_F_EVP_PKCS8_SET_BROKEN,EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE);
301	return NULL;
302	break;
303
304	}
305	}
306
307	#ifndef OPENSSL_NO_DSA
308	static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO p8, EVP_PKEY pkey)
309	{
310	ASN1_STRING *params = NULL;
311	ASN1_INTEGER *prkey = NULL;
312	ASN1_TYPE *ttmp = NULL;
313	STACK_OF(ASN1_TYPE) *ndsa = NULL;
314	unsigned char p = NULL, q;
315	int len;
316
317	p8->pkeyalg->algorithm = OBJ_nid2obj(NID_dsa);
318	len = i2d_DSAparams (pkey->pkey.dsa, NULL);
319	if (!(p = OPENSSL_malloc(len))) {
320	EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
321	goto err;
322	}
323	q = p;
324	i2d_DSAparams (pkey->pkey.dsa, &q);
325	if (!(params = ASN1_STRING_new())) {
326	EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
327	goto err;
328	}
329	if (!ASN1_STRING_set(params, p, len)) {
330	EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
331	goto err;
332	}
333	OPENSSL_free(p);
334	p = NULL;
335	/* Get private key into integer */
336	if (!(prkey = BN_to_ASN1_INTEGER (pkey->pkey.dsa->priv_key, NULL))) {
337	EVPerr(EVP_F_EVP_PKEY2PKCS8,EVP_R_ENCODE_ERROR);
338	goto err;
339	}
340
341	switch(p8->broken) {
342
343	case PKCS8_OK:
344	case PKCS8_NO_OCTET:
345
346	if (!ASN1_pack_string((char *)prkey, i2d_ASN1_INTEGER,
347	&p8->pkey->value.octet_string)) {
348	EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
349	goto err;
350	}
351
352	M_ASN1_INTEGER_free (prkey);
353	prkey = NULL;
354	p8->pkeyalg->parameter->value.sequence = params;
355	params = NULL;
356	p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;
357
358	break;
359
360	case PKCS8_NS_DB:
361
362	p8->pkeyalg->parameter->value.sequence = params;
363	params = NULL;
364	p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;
365	if (!(ndsa = sk_ASN1_TYPE_new_null())) {
366	EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
367	goto err;
368	}
369	if (!(ttmp = ASN1_TYPE_new())) {
370	EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
371	goto err;
372	}
373	if (!(ttmp->value.integer =
374	BN_to_ASN1_INTEGER(pkey->pkey.dsa->pub_key, NULL))) {
375	EVPerr(EVP_F_EVP_PKEY2PKCS8,EVP_R_ENCODE_ERROR);
376	goto err;
377	}
378	ttmp->type = V_ASN1_INTEGER;
379	if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
380	EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
381	goto err;
382	}
383
384	if (!(ttmp = ASN1_TYPE_new())) {
385	EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
386	goto err;
387	}
388	ttmp->value.integer = prkey;
389	prkey = NULL;
390	ttmp->type = V_ASN1_INTEGER;
391	if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
392	EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
393	goto err;
394	}
395	ttmp = NULL;
396
397	if (!(p8->pkey->value.octet_string = ASN1_OCTET_STRING_new())) {
398	EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
399	goto err;
400	}
401
402	if (!ASN1_seq_pack_ASN1_TYPE(ndsa, i2d_ASN1_TYPE,
403	&p8->pkey->value.octet_string->data,
404	&p8->pkey->value.octet_string->length)) {
405
406	EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
407	goto err;
408	}
409	sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
410	break;
411
412	case PKCS8_EMBEDDED_PARAM:
413
414	p8->pkeyalg->parameter->type = V_ASN1_NULL;
415	if (!(ndsa = sk_ASN1_TYPE_new_null())) {
416	EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
417	goto err;
418	}
419	if (!(ttmp = ASN1_TYPE_new())) {
420	EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
421	goto err;
422	}
423	ttmp->value.sequence = params;
424	params = NULL;
425	ttmp->type = V_ASN1_SEQUENCE;
426	if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
427	EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
428	goto err;
429	}
430
431	if (!(ttmp = ASN1_TYPE_new())) {
432	EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
433	goto err;
434	}
435	ttmp->value.integer = prkey;
436	prkey = NULL;
437	ttmp->type = V_ASN1_INTEGER;
438	if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
439	EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
440	goto err;
441	}
442	ttmp = NULL;
443
444	if (!(p8->pkey->value.octet_string = ASN1_OCTET_STRING_new())) {
445	EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
446	goto err;
447	}
448
449	if (!ASN1_seq_pack_ASN1_TYPE(ndsa, i2d_ASN1_TYPE,
450	&p8->pkey->value.octet_string->data,
451	&p8->pkey->value.octet_string->length)) {
452
453	EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
454	goto err;
455	}
456	sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
457	break;
458	}
459	return 1;
460	err:
461	if (p != NULL) OPENSSL_free(p);
462	if (params != NULL) ASN1_STRING_free(params);
463	if (prkey != NULL) M_ASN1_INTEGER_free(prkey);
464	if (ttmp != NULL) ASN1_TYPE_free(ttmp);
465	if (ndsa != NULL) sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
466	return 0;
467	}
468	#endif